[Xymon] HTTPS tests fails when TLS 1.1 and 1.2 only is enabled

Mark Felder feld at feld.me
Tue Apr 14 15:11:12 CEST 2015



On Tue, Apr 14, 2015, at 07:50, Mark Felder wrote:
> 
> 
> On Tue, Apr 14, 2015, at 06:47, Dito wrote:
> > I saw a post back that someone suggested to use "httpst://url" but that
> > is
> > not working either.
> > I am running build .17 , not sure if upgrading to .18 or .19 will work,
> > I'll read the notes.
> > 
> > 
> > Is there another way to fix?
> > 
> 
> From hosts.cfg man page:
> 
> * "t",  e.g. httpst://www.sample.com/ : use only TLSv1
> 
> 
> Looks like we need to patch xymonnet to let us specify TLS 1.1 and 1.2
>

I may have successfully created a patch to add this behavior, but I need
to do some extensive testing. Adding specific options for TLS 1.1 and
1.2 means it could break the build in environments where the OpenSSL
version does not recognize these protocols. I'm not sure we want to
break compatibility, although my personal opinion is that we should
encourage users to upgrade in the name of security....



More information about the Xymon mailing list